arrrruuugghhhhh cyrptoapi again
-
(sorry for the repost but this is really bugging me still): The first time i call EncryptString (below) I pass "asdf" it encrypts to to be a length of 25 and encrypts it right. But when i try to encrypt a 2539 length string it returns a string of a length of 225 and only partically encrypted. Why is this happening and how do I fix it? CString CEncyptionClass::EncryptString(CString m_strUnencryptedString) { //variables //Date:11 22 03 CString m_strResultingText; HCRYPTPROV hProv = NULL; HCRYPTKEY hKey = NULL; HCRYPTHASH hHash = NULL; DWORD dwLength; BYTE * pbBuffer; LPTSTR m_tContents=ConvertCStringToChar(m_strUnencryptedString); TCHAR szLocalPassword[] = _T("alongrandompassword"); // // Get handle to user default provider. if (CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) { // Create hash object. if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)) { // Hash password string. dwLength = _tcslen(szLocalPassword); if (CryptHashData(hHash, (BYTE *)szLocalPassword, dwLength, 0)) { // Create block cipher session key based on hash of the password. if (CryptDeriveKey(hProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hKey)) { dwLength= _tcslen(m_tContents); pbBuffer=(BYTE*)malloc(dwLength); if (pbBuffer != NULL) { memcpy(pbBuffer, m_tContents, dwLength); if (CryptEncrypt(hKey, 0, true, 0, pbBuffer, &dwLength, dwLength)) { m_strResultingText.Format("%s",pbBuffer); CString strShow; strShow.Format("After: %s \r\n(%s)\r\n %d %d", m_strResultingText,m_tContents,strlen((const char*) pbBuffer) ,dwLength); MessageBox(strShow); } free(pbBuffer); } CryptDestroyKey(hKey); // Release provider handle. } } CryptDestroyHash(hHash); // Destroy session key. } CryptReleaseContext(hProv, 0); } return m_strResultingText; } -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
-
(sorry for the repost but this is really bugging me still): The first time i call EncryptString (below) I pass "asdf" it encrypts to to be a length of 25 and encrypts it right. But when i try to encrypt a 2539 length string it returns a string of a length of 225 and only partically encrypted. Why is this happening and how do I fix it? CString CEncyptionClass::EncryptString(CString m_strUnencryptedString) { //variables //Date:11 22 03 CString m_strResultingText; HCRYPTPROV hProv = NULL; HCRYPTKEY hKey = NULL; HCRYPTHASH hHash = NULL; DWORD dwLength; BYTE * pbBuffer; LPTSTR m_tContents=ConvertCStringToChar(m_strUnencryptedString); TCHAR szLocalPassword[] = _T("alongrandompassword"); // // Get handle to user default provider. if (CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) { // Create hash object. if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)) { // Hash password string. dwLength = _tcslen(szLocalPassword); if (CryptHashData(hHash, (BYTE *)szLocalPassword, dwLength, 0)) { // Create block cipher session key based on hash of the password. if (CryptDeriveKey(hProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hKey)) { dwLength= _tcslen(m_tContents); pbBuffer=(BYTE*)malloc(dwLength); if (pbBuffer != NULL) { memcpy(pbBuffer, m_tContents, dwLength); if (CryptEncrypt(hKey, 0, true, 0, pbBuffer, &dwLength, dwLength)) { m_strResultingText.Format("%s",pbBuffer); CString strShow; strShow.Format("After: %s \r\n(%s)\r\n %d %d", m_strResultingText,m_tContents,strlen((const char*) pbBuffer) ,dwLength); MessageBox(strShow); } free(pbBuffer); } CryptDestroyKey(hKey); // Release provider handle. } } CryptDestroyHash(hHash); // Destroy session key. } CryptReleaseContext(hProv, 0); } return m_strResultingText; } -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
-
You sure it's not MessageBox not showing full string?... I assume you may get not printable characters after encoding. "...Ability to type is not enough to become a Programmer. Unless you type in VB. But then again you have to type really fast..." Me
The length of pbBuffer and m_strResultText is 225 .. the plain text string is 2539 -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
-
You sure it's not MessageBox not showing full string?... I assume you may get not printable characters after encoding. "...Ability to type is not enough to become a Programmer. Unless you type in VB. But then again you have to type really fast..." Me
The length of pbBuffer and m_strResultText is 225 .. the plain text string is 2539, also it encrypts: "something" fine but then when it gets called to encrypt the 2539 length string it messes up and encodes/returns only 225. -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
-
The length of pbBuffer and m_strResultText is 225 .. the plain text string is 2539 -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
That means according to your code:
LPTSTR m_tContents=ConvertCStringToChar(m_strUnencryptedString);returns 225 length string... Check ConvertCStringToChar function. "...Ability to type is not enough to become a Programmer. Unless you type in VB. But then again you have to type really fast..." Me -
That means according to your code:
LPTSTR m_tContents=ConvertCStringToChar(m_strUnencryptedString);returns 225 length string... Check ConvertCStringToChar function. "...Ability to type is not enough to become a Programmer. Unless you type in VB. But then again you have to type really fast..." MeIt's string is 2539 also, and its right. -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
-
It's string is 2539 also, and its right. -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
Now I'm a little bit confused: You are saying: I pass "asdf" it encrypts to to be a length of 25 and encrypts it right. But according to your code:
dwLength= _tcslen(m_tContents); pbBuffer=(BYTE*)malloc(dwLength); if (pbBuffer != NULL) { memcpy(pbBuffer, m_tContents, dwLength); if (CryptEncrypt(hKey, 0, true, 0, pbBuffer, &dwLength, dwLength))You are only allocating 4 bytes in pbBuffer, as dwLength=4. Right? How you get 25? Maybe I missunderstanding... "...Ability to type is not enough to become a Programmer. Unless you type in VB. But then again you have to type really fast..." Me -
Now I'm a little bit confused: You are saying: I pass "asdf" it encrypts to to be a length of 25 and encrypts it right. But according to your code:
dwLength= _tcslen(m_tContents); pbBuffer=(BYTE*)malloc(dwLength); if (pbBuffer != NULL) { memcpy(pbBuffer, m_tContents, dwLength); if (CryptEncrypt(hKey, 0, true, 0, pbBuffer, &dwLength, dwLength))You are only allocating 4 bytes in pbBuffer, as dwLength=4. Right? How you get 25? Maybe I missunderstanding... "...Ability to type is not enough to become a Programmer. Unless you type in VB. But then again you have to type really fast..." MeThe first time that m_Contents is "asdf" it is encrypted to a 25 string (dwLength==25 for the orginal and after ) but then i pass a 2539 character long string to it and it encrypts only 255 (the dwLenght is also at 2539 when it goes to crypt encrypt -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
-
The first time that m_Contents is "asdf" it is encrypted to a 25 string (dwLength==25 for the orginal and after ) but then i pass a 2539 character long string to it and it encrypts only 255 (the dwLenght is also at 2539 when it goes to crypt encrypt -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
But according to your code with m_tContents="asdf": dwLength= _tcslen(m_tContents); // <= will give you 4 pbBuffer=(BYTE*)malloc(dwLength); // <= pbBuffer should be allocated with 4 bytes if (pbBuffer != NULL) { memcpy(pbBuffer, m_tContents, dwLength); if (CryptEncrypt(hKey, 0, true, 0, pbBuffer, &dwLength, dwLength)) // <= should encrypt just 4 bytes How you get 25, and if dwLength=25 after the call your pbBuffer is overrun! However you passed dwLength = 4, your CryptEncrypt either should fail or your pbBuffer should be overrun How are you getting 25?... Could you be more specific? "...Ability to type is not enough to become a Programmer. Unless you type in VB. But then again you have to type really fast..." Me
-
But according to your code with m_tContents="asdf": dwLength= _tcslen(m_tContents); // <= will give you 4 pbBuffer=(BYTE*)malloc(dwLength); // <= pbBuffer should be allocated with 4 bytes if (pbBuffer != NULL) { memcpy(pbBuffer, m_tContents, dwLength); if (CryptEncrypt(hKey, 0, true, 0, pbBuffer, &dwLength, dwLength)) // <= should encrypt just 4 bytes How you get 25, and if dwLength=25 after the call your pbBuffer is overrun! However you passed dwLength = 4, your CryptEncrypt either should fail or your pbBuffer should be overrun How are you getting 25?... Could you be more specific? "...Ability to type is not enough to become a Programmer. Unless you type in VB. But then again you have to type really fast..." Me
noooo... m_tContents would equal "<password>asdf</password>" sorry about that .... ugh -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
-
noooo... m_tContents would equal "<password>asdf</password>" sorry about that .... ugh -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
-
If interested: Please provide ConvertCStringToChar() implementation.... "...Ability to type is not enough to become a Programmer. Unless you type in VB. But then again you have to type really fast..." Me
LPTSTR CEncyptionClass::ConvertCStringToChar(CString string_to_be_converted) { LPTSTR return_value=new TCHAR[string_to_be_converted.GetLength()+1]; _tcscpy(return_value,string_to_be_converted); return return_value; } -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
-
LPTSTR CEncyptionClass::ConvertCStringToChar(CString string_to_be_converted) { LPTSTR return_value=new TCHAR[string_to_be_converted.GetLength()+1]; _tcscpy(return_value,string_to_be_converted); return return_value; } -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)
I'm almost giving up. But check this: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/cryptencrypt.asppadding A string, typically added when the last plaintext block is short. For example, if the block length is 64 bits and the last block contains only 40 bits, then 24 bits of padding must be added to the last block. The padding string may contain zeros, alternating zeros and ones, or some other pattern. Applications that use CryptoAPI need not add padding to their plaintext before it is encrypted, nor do they have to remove it after decrypting. This is all handled automatically So, maybe you need to increase dwLength and make it even with 8 bytes length. However, why CryptEncrypt is not failing then? Or maybe it does? "...Ability to type is not enough to become a Programmer. Unless you type in VB. But then again you have to type really fast..." Me
-
I'm almost giving up. But check this: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/cryptencrypt.asppadding A string, typically added when the last plaintext block is short. For example, if the block length is 64 bits and the last block contains only 40 bits, then 24 bits of padding must be added to the last block. The padding string may contain zeros, alternating zeros and ones, or some other pattern. Applications that use CryptoAPI need not add padding to their plaintext before it is encrypted, nor do they have to remove it after decrypting. This is all handled automatically So, maybe you need to increase dwLength and make it even with 8 bytes length. However, why CryptEncrypt is not failing then? Or maybe it does? "...Ability to type is not enough to become a Programmer. Unless you type in VB. But then again you have to type really fast..." Me
GetLastError doesn't return an error. The 2539 string is the only thing that messes up for some reason like i said it only encrypts 225 (thats whats returned from pbBuffer with dwLength set by strlen to 2539) and when passed through the decrypt function it returns the first 225 plaintext characters nothing after that -Steven Hicks
CPA
CodeProjectAddict
Actual Linux Penguins were harmed in the creation of this message.
More tutorials: Ltpb.8m.com: Tutorials |404Browser.com (Download Link)